Search Results (8420 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-2381 2 Woocommerce, Wordpress 2 Stripe Payment Gateway, Wordpress 2026-06-16 6.5 Medium
The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_pay_for_order()` function in all versions up to, and including, 10.7.0 This is due to a missing order ownership or order_key verification when processing payment for an order via the `wc_stripe_pay_for_order` WC-AJAX endpoint. The function only validates a nonce (which is publicly available on any WooCommerce page where Express Checkout is enabled), but does not verify that the requesting user owns the target order and is allowed to modify it. This makes it possible for unauthenticated attackers to force any pending order into a failed status by providing a fake payment method, causing a payment exception that updates the order status to "failed" via sequential order ID enumeration.
CVE-2026-42851 1 Kovidgoyal 1 Kitty 2026-06-16 7.8 High
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with `cat`, a log line, an email body rendered in `less`, an issue body in a TUI, etc. — can cause kitty to execute attacker-supplied Python inside the running kitty process, with the user's full privileges. There is no approval prompt, no remote-control permission requirement, no shell-integration interaction, no clipboard touch, and no editor interaction. Version 0.47.0 fixes the issue.
CVE-2026-39513 2 Easy-appointments, Wordpress 2 Easy Appointments, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions.
CVE-2026-48881 2 Themetechmount, Wordpress 2 Truebooker, Wordpress 2026-06-16 9.1 Critical
Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions.
CVE-2026-25440 2 Wordpress, Wpdeveloper 2 Wordpress, Essential Addons For Elementor 2026-06-16 5.3 Medium
Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.
CVE-2026-39503 2 Awesomemotive, Wordpress 2 Easy Digital Downloads, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions.
CVE-2026-48873 2 Montonio, Wordpress 2 Montonio For Woocommerce, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.
CVE-2026-40743 2 Themeum, Wordpress 2 Tutor Lms, Wordpress 2026-06-16 6.5 Medium
Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.
CVE-2026-39490 2 Artbees, Wordpress 2 Jupiter X Core, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.
CVE-2026-42651 2 Mamunur Rashid, Wordpress 2 Classified Listing, Wordpress 2026-06-16 6.3 Medium
Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.
CVE-2026-40793 2 Groundhogg, Wordpress 2 Groundhogg, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.
CVE-2026-42640 2 Mamunur Rashid, Wordpress 2 Classified Listing, Wordpress 2026-06-16 6.5 Medium
Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.
CVE-2026-42659 2 Nasirahmed, Wordpress 2 Advanced Form Integration, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions.
CVE-2026-49065 2 Hippooo, Wordpress 2 Hippoo Mobile App For Woocommerce, Wordpress 2026-06-16 8.2 High
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
CVE-2026-34886 2 Wordpress, Wp.insider 2 Wordpress, Simple Membership 2026-06-16 7.5 High
Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions.
CVE-2026-40782 2 Greg Winiarski, Wordpress 2 Wpadverts, Wordpress 2026-06-16 6.5 Medium
Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.
CVE-2026-40788 2 Quantumcloud, Wordpress 2 Chatbot, Wordpress 2026-06-16 7.1 High
Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.
CVE-2026-40794 2 Mycred, Wordpress 2 Mycred, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in myCred <= 3.0.3 versions.
CVE-2026-40774 2 Saasproject, Wordpress 2 Booking Package, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.
CVE-2026-48883 2 Wordpress, Wpclever 2 Wordpress, Wpc Product Bundles For Woocommerce 2026-06-16 7.5 High
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.